[18285] in bugtraq
Re: where user temp files should go, env var names
daemon@ATHENA.MIT.EDU (Peter J . Holzer)
Thu Dec 21 14:33:21 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID:  <20001221113019.A1217@wsr.ac.at>
Date:         Thu, 21 Dec 2000 11:30:19 +0100
Reply-To: "Peter J . Holzer" <hjp@WSR.AC.AT>
From: "Peter J . Holzer" <hjp@WSR.AC.AT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.31.0012190052560.1678-100000@asdf.capslock.lan>; from
              Mike A. Harris on Tue, Dec 19, 2000 at 12:55:34AM -0500
On 2000-12-19 00:55:34 -0500, Mike A. Harris wrote:
> On Tue, 19 Dec 2000, Aaron Drew wrote:
>
> >I wouldn't envisage a kernel patch to give each tty or user its own
> >virtual /tmp being THAT hard to do.
>
> The kernel doesn't differentiate between directories in the
> filesystem. For all the kernel cares /tmp is where user directories
> are stored. The kernel doesn't ever know or treat differently any
> names of dirs in the filesystem.

It shouldn't treat directories differently based on the *name*.

Some unixes have/had a "hidden directories" feature. If a flag is set
on a directory, any attempt to access the directory would instead
access one of its subdirectories, depending on some other factor.

DomainOS and some versions of Minix used this to keep different binaries
in the "same" place. So, for example, on DomainOS, you would have
/usr/bin/sysv/ps and /usr/bin/bsd/ps, and depending on whether you
were running it in SysV or BSD mode, you would get one or the other
executable when executing /usr/bin/ps. HP-UX inherited the feature from
Domain-OS, but I can't recall whether it was used for anything useful.
HP-UX 11 doesn't seem to have it anymore, anyway.

Similarly, instead of an "OS mode", the subdirectory could be based
on the user-id, so if /tmp has the "hidden-subdirs-are-userids"
bit set, an access to /tmp/mutt.12345.msg would in fact access
/tmp/1010/mutt.12345.msg, if my uid is 1010.

> This definitely has nothing at all to do with the kernel whatsoever.
> It is a userland programming issue.
>
> The kernel does not impose policy decisions upon systems, that is what
> a sysadmin is for. Fix the programmer.

"mechanism, not policy", right. However, the kernel can provide a
mechanism. Whether it is the right one (personally, I found those hidden
directories rather confusing) is debatable. Especially since there is
another mechanism in userland (the TMPDIR environment variable) which
has almost the same effect, if it is used.

	hp

-- 
   _  | Peter J. Holzer      | Any setuid root program that does an
|_|_) | Sysadmin WSR / LUGA  | exec() somewhere is just a less
| |   | hjp@wsr.ac.at        | user friendly version of su.
__/   | http://www.hjp.at/   |    -- Olaf Kirch on bugtraq 2000-08-07
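
The per-user /tmp/1010 layout and the TMPDIR mechanism discussed in this message, done in userland: an added example, not part of the original post or of any project's code. The function names and the `base` parameter are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a directory we own with no group/other access (lstat: no symlinks). */
static int dir_is_private(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISDIR(st.st_mode) &&
           st.st_uid == geteuid() && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Use $TMPDIR if private, else base/<uid> made 0700; reject one we do not own. */
static int private_tmpdir(const char *base, char *dir, size_t len)
{
    const char *env = getenv("TMPDIR");
    int n = (env != NULL && dir_is_private(env))
                ? snprintf(dir, len, "%s", env)
                : snprintf(dir, len, "%s/%lu", base, (unsigned long)geteuid());
    if (n < 0 || (size_t)n >= len)
        return -1;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    return dir_is_private(dir) ? 0 : -1;
}

/* Create prefix.XXXXXX there; mkstemp() uses O_EXCL and mode 0600. Returns an fd. */
static int open_private_temp(const char *base, const char *prefix,
                             char *path, size_t len)
{
    char dir[4096];
    if (private_tmpdir(base, dir, sizeof dir) != 0)
        return -1;
    int n = snprintf(path, len, "%s/%s.XXXXXX", dir, prefix);
    return (n < 0 || (size_t)n >= len) ? -1 : mkstemp(path);
}

int main(void)
{
    char path[4096];
    int fd = open_private_temp("/tmp", "mutt", path, sizeof path);
    if (fd < 0)
        return 1;
    printf("%s\n", path);
    close(fd);
    return unlink(path);
}
```

A TMPDIR that is group- or world-accessible is ignored rather than trusted, and a pre-existing base/<uid> that is a symlink or belongs to another user makes the call fail instead of being reused.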